|
- Provide subjectAltName to openssl directly on the command line
As of OpenSSL 1 1 1, providing subjectAltName directly on command line becomes much easier, with the introduction of the -addext flag to openssl req (via this commit) The commit adds an example to the openssl req man page: Example of giving the most common attributes (subject and extensions) on the command line: openssl req -new -subj " C=GB
- Can I add a password to an existing private key?
Of course you can add remove a passphrase at a later time add one (assuming it was an rsa key, else use dsa) openssl rsa -aes256 -in your key -out your encrypted key mv your encrypted key your key chmod 400 your key the -aes256 tells openssl to encrypt the key with AES256 As ArianFaurtosh has correctly pointed out: For the encryption algorithm you can use any of aes128, aes192, aes256
- What are the main advantages of using LibreSSL versus OpenSSL
What are the main advantages of using LibreSSL vs OpenSSL? As I understood LibreSSL is a fork of OpenSSL: LibreSSL is a version of the TLS crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes Seems like a good idea to use it
- openssl - Which elliptic curve should I use? - Information Security . . .
I am currently renewing an SSL certificate, and I was considering switching to elliptic curves Per Bernstein and Lange, I know that some curves should not be used but I'm having difficulties selec
- tls - How do I use openssl s_client to test for (absence of) SSLv3 . . .
In order to mitigate the "Poodle" vulnerability, I'd like to disable SSLv3 support in my (in this case, TLS, rather than HTTPS) server How can I use openssl s_client to verify that I've done this?
- How is OpenSSL related to OpenSSH? - Information Security Stack Exchange
30 OpenSSH is a program depending on OpenSSL the library, specifically OpenSSH uses the libcrypto part of OpenSSL
- Generate CSR and private key with password with OpenSSL
27 I am using the following command in order to generate a CSR together with a private key by using OpenSSL: openssl req -new -subj " CN=sample myhost com" -out newcsr csr -nodes -sha512 -newkey rsa:2048 It generates two files: newcsr csr privkey pem The generated private key has no password: how can I add one during the generation process?
- openssl - How to disable CBC-mode ciphers - Information Security Stack . . .
Is there a simple allowlist-style way of disabling CBC mode cipher suites in apps that use an openssl cipher suite list? I'm hoping for something in the style of !RC4, however, !CBC has no effect,
|
|
|